Philadelphia Insurance Companies has started restoring access to internal systems following a network outage, affecting its email, phone, and online platforms.
In an update, the insurer said that limited network access had been restored and that employees across the country were regaining use of key systems, including email. The company said the shutdown had been implemented to contain a potential threat and to secure its systems and data.
Philadelphia Insurance confirmed that the incident was not a ransomware attack. It also reported that no systems were encrypted.
While system access is gradually returning, the company indicated that a full return to normal operations would take time. According to the insurer, technical teams have been working continuously since the initial alert to suspicious activity was received.
A forensic investigation is now underway to determine the nature and scope of the incident.
The company previously said that the disruption impacted all communication and digital application channels, including phone systems and online services, beginning the weekend of June 9.
Despite these issues, customers were still able to file claims by phone, and company representatives provided service through regional agent networks. The incident marked a significant interruption in service but did not halt core policyholder functions.
Around the same time, another insurer, Erie Insurance, also experienced a network disruption that started June 7. While the companies did not confirm a link, the similarity in timing and scope has prompted cybersecurity analysts to investigate the possibility of coordinated intrusions.
Both insurers cited the detection of unauthorized access as the cause for system shutdowns, underscoring growing concerns around sector-wide vulnerabilities.
Investigators and industry analysts have pointed to the possibility of involvement by a threat actor known as Scattered Spider, also referred to as UNC3944. The group is known for using social engineering tactics, such as impersonating employees and bypassing multifactor authentication, to breach corporate systems.
Its tactics are considered sophisticated and have previously targeted firms in telecommunications, hospitality, and insurance, according to threat intelligence research.
The insurance sector’s increasing exposure to targeted cyberattacks has raised alarms among industry observers. Experts suggest that attackers are adapting their methods and choosing industries based on evolving opportunity and perceived vulnerability.
What are your thoughts on this story? Please feel free to share your comments below.
